AutoSSL CLI uapi for specified domain only?
I'm trying to eliminate having to manually go in to cPanel every single time I setup a domain account using my web platform.
From PHP through the CLI can I list domains that are not yet secure?
This would be useful to skip running AutoSSL if a domain name is already secure.
From PHP through the CLI can I run AutoSSL once for a specified domain name only?
If I can run AutoSSL for just a specified domain then it should take less time and hopefully I won't have to spend time manually checking cPanel.
The command uapi SSL get_autossl_problems --output=json only lists domains that aren't pointed at my server.
The command uapi SSL get_autossl_excluded_domains --output=json only lists domains that are blacklisted from the general AutoSSL process.
-
Hey there! I wouldn't have any tips for doing this through PHP, but I'm curious at the specific problem you're trying to solve. Whenever a domain is created on a cPanel system AutoSSL will attempt to run, usually within the first hour or so, so I would expect the domains to all be secured shortly after the time they are created. Are you not seeing that happen, or not expecting that to happen in certain cases?
We do have an API call that allows you to run AutoSSL for the current user here:
https://api.docs.cpanel.net/openapi/cpanel/operation/start_autossl_check/
and this specific call will let you see if there are issues with the AutoSSL system for a particular domain:
https://api.docs.cpanel.net/openapi/cpanel/operation/get_autossl_problems/
0 -
Hi Rex! So the problem is that I can't wait an hour. I setup new Domain Accounts on the spot and need to immediately access them. I don't mind waiting a minute or two, that is fine.
The following commands are run to get the new Domain Account up and working from PHP through
shell_exec():'cpapi2 Park park domain='.$domain'uapi SSL remove_autossl_excluded_domains domains=\''.$domain.'\' --output=json''uapi SSL remove_autossl_excluded_domains domains=\'mail.'.$domain.'\' --output=json''uapi SSL remove_autossl_excluded_domains domains=\'www.'.$domain.'\' --output=json''whmapi1 start_autossl_check_for_one_user''cpapi2 Park listparkeddomains --output=json'What I would like to do is run a command to have AutoSSL run immediately and only execute for the specified domain name. If I have to wait a couple miuntes, okay fine, we do do a quick bathroom break. But my website clients are often complaining that things taking too long because they don't get what it takes to do my job the right way.
If there something that looks like the following?
uapi SSL autossl_execute_domain_specific domain='example.com'0 -
I'm not finding a way to have it JUST do that - it only runs for the whole domain unless you've setup the exclusions like you've already done.
I could submit a feature request, but I can foresee them saying "just do the exclusions since that tool already exists" but it never costs to ask.
0 -
Rex, you just gave me an odd idea. Could I, in theory, add every domain except the one I want to process to the disabled list? Then process the one domain alone quicker. Then lastly add all of the domains back to the enabled list?
- List all of the existing enabled domain names.
- Disable them (after taking notes in an array of which to re-enable later).
- Run AutoSSL for the new domain name alone.
- Re-enable all of the disabled domain names (in my array).
So my questions:
- Can I do that?
- Will it speed up processing the single domain I'm adding at the time?
- Will it cause interruptions to any other domain name accounts while temporarily disabled?
The speed is the most important thing though not interrupting existing domain names is pretty important too.
0 -
I would say:
-sure!
-it would be slightly faster, yes, as it's working through an extremely limited number of domains and checks
-no, this would only affect the domain it's currently working with0 -
Hi Rex, I'll give it a go either later today, tomorrow or this weekend latest.
Quick question: where is the command to return the array of currently enabled domains for AutoSSL please?
Or does that not exist and I will have to derive that based on comparing arrays of parked domains and disabled domains first?
0 -
There isn't a specific call for that one - we have the opposite of that with https://api.docs.cpanel.net/openapi/cpanel/operation/get_autossl_excluded_domains/
I can always do a feature request to poke the devs about adding API calls though!
1 -
Rex, thank you for the clarification. I saw the excluded domain names function earlier.
So the core most desirable feature is to run AutoSSL only for a specified domain name if possible. If that isn't within reason then a function that returns an array of only the currently enabled domain names would be good too. Please let me know, thank you!
0 -
I spoke to the team about this and they had me create case CPANEL-46937 so they can do some homework and see if this is something they can add! I did link to this forums post in the case so if I hear any updates I'll be sure to share them.
1 -
Rex, rock, thank you! This issue is the last one that imposes an unacceptable delay when I setup a new website from scratch for new clients. With things like updating their DNS I can just override the Windows hosts file but the TLS certificate update is the only thing I can't get around short of time and going directly to cPanel.
0 -
You're very welcome - just because I made the case doesn't mean they'll actually want to add that feature, but I hope they do to make it easier for you, and if I hear any updates I'll be sure to post.
1
Please sign in to leave a comment.
Comments
11 comments